Aggregator

CVE-2023-53469 | Linux Kernel up to 6.4.11 af_unix unix_stream_sendpage use after free

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.4.11. This issue affects the function unix_stream_sendpage of the component af_unix. The manipulation results in use after free. This vulnerability is known as CVE-2023-53469. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2023-53468 | Linux Kernel up to 5.4.234/5.10.172/5.15.99/6.1.17/6.2.4 ubifs alloc_wbufs memory leak

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.4.234/5.10.172/5.15.99/6.1.17/6.2.4. This vulnerability affects the function alloc_wbufs of the component ubifs. The manipulation leads to memory leak. This vulnerability is traded as CVE-2023-53468. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-53462 | Linux Kernel up to 5.10.194/5.15.131/6.1.53/6.5.3 hsr Driver net/hsr/hsr_forward.c fill_frame_info uninitialized variable

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability described as critical has been identified in Linux Kernel up to 5.10.194/5.15.131/6.1.53/6.5.3. This affects the function fill_frame_info of the file net/hsr/hsr_forward.c of the component hsr Driver. Executing manipulation can lead to use of uninitialized variable. This vulnerability appears as CVE-2023-53462. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-53452 | Linux Kernel up to 6.1.27/6.2.14/6.3.1 net/core/dev.c race condition

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.27/6.2.14/6.3.1. Affected by this issue is some unknown functionality of the file net/core/dev.c. Performing manipulation results in race condition. This vulnerability is reported as CVE-2023-53452. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-53448 | Linux Kernel up to 6.1.41/6.4.6 fbdev release_mem_region privilege escalation

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.41/6.4.6. Affected by this vulnerability is the function release_mem_region of the component fbdev. Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2023-53448. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-50469 | Linux Kernel up to 5.15.74/5.19.16/6.0.2 os_intfs.c rtw_init_drv_sw return value

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.74/5.19.16/6.0.2. Affected is the function rtw_init_drv_sw of the file drivers/staging/r8188eu/os_dep/os_intfs.c. This manipulation causes unchecked return value. This vulnerability is registered as CVE-2022-50469. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2023-53523 | Linux Kernel up to 6.4.6 gs_usb_disconnect null pointer dereference

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.4.6. It has been rated as critical. This affects the function gs_usb_disconnect. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2023-53523. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar)

The Hackers News
8 months 2 weeks ago
AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, "Workflow Clarity: Where AI Fits in Modern Automation," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed how organizations think about automation.
The Hacker News

How Leading Security Teams Blend AI + Human Workflows (Free Webinar)

不安全
8 months 2 weeks ago
文章探讨了AI在现代自动化中的角色及其潜在问题。过度依赖AI可能导致系统脆弱性增加、决策不透明以及难以审计。作者建议结合人类判断、传统自动化和AI技术,构建可靠、可解释的工作流程,并邀请观众参加网络研讨会以获取实用策略。

CVE-2022-50462 | Linux Kernel up to 6.1.1 MIPS put_device memory leak

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.1. It has been declared as critical. The impacted element is the function put_device of the component MIPS. Executing manipulation can lead to memory leak. This vulnerability is tracked as CVE-2022-50462. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-50450 | Linux Kernel up to 6.0.15/6.1.1 /src/libbpf/src/libbpf.c elf_getshdrnum e_shnum heap-based overflow

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.0.15/6.1.1. It has been classified as critical. The affected element is the function elf_getshdrnum in the library /src/libbpf/src/libbpf.c. Performing manipulation of the argument e_shnum results in heap-based buffer overflow. This vulnerability is identified as CVE-2022-50450. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover

The Hackers News
8 months 2 weeks ago
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data
The Hacker News

Google Drive for desktop will spot, stop and remedy ransomware damage

Help Net Security
8 months 2 weeks ago

Google has rolled out AI-powered ransomware detection and file restoration features in Drive for desktop, Google’s official file syncing and access app for Windows and macOS. Currently in open beta, this new layer of defense is not meant to stop traditional ransomware that encrypts files on disk, but to counteract its corruption. From detection to rollback “Our AI-powered detection in Drive for desktop identifies the core signature of a ransomware attack — an attempt to … More →

The post Google Drive for desktop will spot, stop and remedy ransomware damage appeared first on Help Net Security.

Zeljka Zorz

Exium by NETGEAR brings unified SASE and firewall protection to SMEs and MSPs

Help Net Security
8 months 2 weeks ago

NETGEAR announced a tailored security solution for small and medium-sized enterprises (SMEs). Building on an acquisition made earlier this year, NETGEAR is delivering Exium, an all-in-one Secure Access Service Edge (SASE) and hybrid firewall solution designed for SMEs and the managed service providers (MSPs) that support them. SMEs face rising cybersecurity threats According to the Verizon Data Breach Investigations Report SMEs faced more than 3,000 cybersecurity incidents, nearly four times as many cybersecurity incidents as … More →

The post Exium by NETGEAR brings unified SASE and firewall protection to SMEs and MSPs appeared first on Help Net Security.

Industry News

Managed ad